Posted to dev@tomcat.apache.org by ma...@apache.org on 2001/04/16 18:02:13 UTC

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/facade HttpServletResponseFacade.java

marcsaeg    01/04/16 09:02:13

  Modified:    src/share/org/apache/tomcat/facade Tag: tomcat_32
                        HttpServletResponseFacade.java
  Log:
  Completes the fix for Bugzilla 578.  In addition to needing the protocol handler for HTTPS, the URL encoder also needs to properly determine the default port for secure connections in addition to normal HTTP connections.
  
  PR:  578
  Submitted by:	sgala@hisitech.com (Santiago Gala)
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.6.2.4   +10 -7     jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java
  
  Index: HttpServletResponseFacade.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v
  retrieving revision 1.6.2.3
  retrieving revision 1.6.2.4
  diff -u -r1.6.2.3 -r1.6.2.4
  --- HttpServletResponseFacade.java	2001/03/06 17:38:13	1.6.2.3
  +++ HttpServletResponseFacade.java	2001/04/16 16:02:12	1.6.2.4
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v 1.6.2.3 2001/03/06 17:38:13 marcsaeg Exp $
  - * $Revision: 1.6.2.3 $
  - * $Date: 2001/03/06 17:38:13 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v 1.6.2.4 2001/04/16 16:02:12 marcsaeg Exp $
  + * $Revision: 1.6.2.4 $
  + * $Date: 2001/04/16 16:02:12 $
    *
    * ====================================================================
    *
  @@ -353,11 +353,14 @@
   	    return (false);
   	if (!request.getServerName().equalsIgnoreCase(url.getHost()))
   	    return (false);
  -        // Set the URL port to HTTP default if not available before comparing
  -        int urlPort = url.getPort();
  -        if (urlPort == -1) {
  +    // Set the URL port to the HTTP(S) default if not available before comparing
  +    int urlPort = url.getPort();
  +    if (urlPort == -1) {
  +        if(request.isSecure())
  +            urlPort = 443;
  +        else
               urlPort = 80;
  -        }
  +    }
   	if (request.getServerPort() != urlPort)
   	    return (false);
   	String contextPath = request.getContext().getPath();
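
Review bot: In the `urlPort == -1` branch the default port is picked from `request.isSecure()`, which describes the current request, while the port being defaulted belongs to `url`. The result is only right when the URL's scheme matches the request's; deriving the default from `url.getProtocol()` (443 for https, 80 otherwise) would not depend on how the connector reports security. If an earlier check in this method already guarantees that the two schemes match, say so in the comment above the branch.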
  
  
  

AJP12 and isSecure [was RE: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/facade HttpServletResponseFacade.java]

Posted by Marc Saegesser <ma...@apropos.com>.
Dan,

Sorry it took so long to respond to this.  I think this is actually broken
either way.

Request.isSecure() simply does a case insensitive comparison of the scheme
with HTTPS.  Unfortunately, AJP12 does not include the scheme explicitly,
but infers it based on the server port.  Anything with a server port of 443
is considered secure and the scheme is set to https, everything else gets
the default scheme of http.

If Apache was using SSL on port 8443, AJP will say the scheme is HTTP and
therefore Request.isSecure() will return false.  This is, I think, the
problem you're referring to.  However, isEncodeable() requires that the URL
being encoded has the same scheme as the current request.  So if the URL
being encoded starts with HTTPS (the URL's protocol) and the current request
is really a secure request but has an incorrect scheme (due to a
non-standard port number) then isEncodeable() will refuse to encode the URL.

Thus the code works in all the cases that it can work.  In the case that
fails, the problem is really with AJP12RequestAdapter.

I will admit that it looks a little odd to be setting the new URL's port
based on the current request as opposed to using the URL protocol.  However,
since I'm trying to lock down tomcat_32 for a final release, I'm going to
leave this as is unless there is a failure case that I've missed.


> -----Original Message-----
> From: danmil [mailto:danmil]On Behalf Of Dan Milstein
> Sent: Wednesday, April 18, 2001 10:52 AM
> To: tomcat-dev@jakarta.apache.org
> Subject: Re: cvs commit:
> jakarta-tomcat/src/share/org/apache/tomcat/facade
> HttpServletResponseFacade.java
>
>
> Marc,
>
> In terms of connectors, I think request.isSecure() only works with ajp13.
> So, if a user is connected via ajp12, and the web server tries to do a
> url-rewriting of an https URL, I think this code will get it wrong.  It
> might be better to check the request url itself to see if it begins with
> "https://" (case-insensitively).
>
> -Dan
>
>
> marcsaeg@apache.org wrote:
> >
> > marcsaeg    01/04/16 09:02:13
> >
> >   Modified:    src/share/org/apache/tomcat/facade Tag: tomcat_32
> >                         HttpServletResponseFacade.java
> >   Log:
> >   Completes the fix for Bugzilla 578.  In addition to needing the protocol handler for HTTPS, the URL encoder also needs to properly determine the default port for secure connections in addition to normal HTTP connections.
> >
> >   PR:  578
> >   Submitted by: sgala@hisitech.com (Santiago Gala)
> >
> >   Revision  Changes    Path
> >   No                   revision
> >
> >
> >   No                   revision
> >
> >
> >   1.6.2.4   +10 -7     jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java
> >
> >   Index: HttpServletResponseFacade.java
> >   ===================================================================
> >   RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v
> >   retrieving revision 1.6.2.3
> >   retrieving revision 1.6.2.4
> >   diff -u -r1.6.2.3 -r1.6.2.4
> >   --- HttpServletResponseFacade.java    2001/03/06 17:38:13     1.6.2.3
> >   +++ HttpServletResponseFacade.java    2001/04/16 16:02:12     1.6.2.4
> >   @@ -1,7 +1,7 @@
> >    /*
> >   - * $Header:
> /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/
HttpServletResponseFacade.java,v 1.6.2.3 2001/03/06 17:38:13 marcsaeg Exp $
> >   - * $Revision: 1.6.2.3 $
> >   - * $Date: 2001/03/06 17:38:13 $
> >   + * $Header:
> /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/
HttpServletResponseFacade.java,v 1.6.2.4 2001/04/16 16:02:12 marcsaeg Exp $
> >   + * $Revision: 1.6.2.4 $
> >   + * $Date: 2001/04/16 16:02:12 $
> >     *
> >     *
> ====================================================================
> >     *
> >   @@ -353,11 +353,14 @@
> >             return (false);
> >         if (!request.getServerName().equalsIgnoreCase(url.getHost()))
> >             return (false);
> >   -        // Set the URL port to HTTP default if not available
> before comparing
> >   -        int urlPort = url.getPort();
> >   -        if (urlPort == -1) {
> >   +    // Set the URL port to the HTTP(S) default if not
> available before comparing
> >   +    int urlPort = url.getPort();
> >   +    if (urlPort == -1) {
> >   +        if(request.isSecure())
> >   +            urlPort = 443;
> >   +        else
> >                urlPort = 80;
> >   -        }
> >   +    }
> >         if (request.getServerPort() != urlPort)
> >             return (false);
> >         String contextPath = request.getContext().getPath();
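
Review bot: Style point on the added lines of the `urlPort` block: they are indented four spaces while the surrounding context lines sit deeper, so the block no longer lines up with the `if (request.getServerPort() != urlPort)` that follows, and the unchanged `urlPort = 80;` line is left at its old depth. Re-indent the block to match its neighbours and put braces on the inner `if`/`else`, as the outer `if (urlPort == -1) {` already has them.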
> >
> >
> >
>
> --
>
> Dan Milstein // danmil@shore.net
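
The cases Marc walks through in the reply above can be traced with a small model, added here as an illustration and not taken from the Tomcat source. `inferScheme`, `isSecure` and `isEncodeable` are hypothetical stand-ins for the behaviour described in the thread, and `shop.example` is a constructed host.

```java
import java.net.URI;

// Added illustration: a simplified model of the thread's description, not Tomcat code.
// All method names here are hypothetical.
public class Ajp12SchemeModel {

    // AJP12 as described: no scheme on the wire, so it is inferred from the server port.
    static String inferScheme(int serverPort) {
        return serverPort == 443 ? "https" : "http";
    }

    // Request.isSecure() as described: case-insensitive comparison of the scheme with HTTPS.
    static boolean isSecure(String scheme) {
        return "https".equalsIgnoreCase(scheme);
    }

    // Scheme, host and port checks of isEncodeable(), using the patched default-port rule.
    static boolean isEncodeable(String serverName, int serverPort, String location) {
        String scheme = inferScheme(serverPort);
        URI url = URI.create(location);
        if (!scheme.equalsIgnoreCase(url.getScheme()))
            return false;                       // URL scheme must match the request scheme
        if (!serverName.equalsIgnoreCase(url.getHost()))
            return false;
        int urlPort = url.getPort();            // -1 when the URL carries no explicit port
        if (urlPort == -1)
            urlPort = isSecure(scheme) ? 443 : 80;
        return serverPort == urlPort;
    }

    public static void main(String[] args) {
        // Constructed cases: {server port reported to Tomcat, URL passed to the encoder}
        Object[][] cases = {
            {80,   "http://shop.example/app/cart"},
            {443,  "https://shop.example/app/cart"},
            {8080, "http://shop.example/app/cart"},        // no port in URL, request not on 80
            {8443, "https://shop.example:8443/app/cart"},  // SSL on a non-standard port
        };
        for (Object[] c : cases) {
            int port = (Integer) c[0];
            String location = (String) c[1];
            System.out.printf("port=%-5d inferred=%-5s encodeable=%-5b %s%n",
                    port, inferScheme(port),
                    isEncodeable("shop.example", port, location), location);
        }
    }
}
```

The 8443 row is the failure case from the reply: the inferred scheme is http, so the https URL is refused at the scheme check, before the default-port branch is ever reached.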


Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/facade HttpServletResponseFacade.java

Posted by Dan Milstein <da...@shore.net>.
Marc,

In terms of connectors, I think request.isSecure() only works with ajp13. 
So, if a user is connected via ajp12, and the web server tries to do a
url-rewriting of an https URL, I think this code will get it wrong.  It
might be better to check the request url itself to see if it begins with
"https://" (case-insensitively).

-Dan


marcsaeg@apache.org wrote:
> 
> marcsaeg    01/04/16 09:02:13
> 
>   Modified:    src/share/org/apache/tomcat/facade Tag: tomcat_32
>                         HttpServletResponseFacade.java
>   Log:
>   Completes the fix for Bugzilla 578.  In addition to needing the protocol handler for HTTPS, the URL encoder also needs to properly determine the default port for secure connections in addition to normal HTTP connections.
> 
>   PR:  578
>   Submitted by: sgala@hisitech.com (Santiago Gala)
> 
>   Revision  Changes    Path
>   No                   revision
> 
> 
>   No                   revision
> 
> 
>   1.6.2.4   +10 -7     jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java
> 
>   Index: HttpServletResponseFacade.java
>   ===================================================================
>   RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v
>   retrieving revision 1.6.2.3
>   retrieving revision 1.6.2.4
>   diff -u -r1.6.2.3 -r1.6.2.4
>   --- HttpServletResponseFacade.java    2001/03/06 17:38:13     1.6.2.3
>   +++ HttpServletResponseFacade.java    2001/04/16 16:02:12     1.6.2.4
>   @@ -1,7 +1,7 @@
>    /*
>   - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v 1.6.2.3 2001/03/06 17:38:13 marcsaeg Exp $
>   - * $Revision: 1.6.2.3 $
>   - * $Date: 2001/03/06 17:38:13 $
>   + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/facade/Attic/HttpServletResponseFacade.java,v 1.6.2.4 2001/04/16 16:02:12 marcsaeg Exp $
>   + * $Revision: 1.6.2.4 $
>   + * $Date: 2001/04/16 16:02:12 $
>     *
>     * ====================================================================
>     *
>   @@ -353,11 +353,14 @@
>             return (false);
>         if (!request.getServerName().equalsIgnoreCase(url.getHost()))
>             return (false);
>   -        // Set the URL port to HTTP default if not available before comparing
>   -        int urlPort = url.getPort();
>   -        if (urlPort == -1) {
>   +    // Set the URL port to the HTTP(S) default if not available before comparing
>   +    int urlPort = url.getPort();
>   +    if (urlPort == -1) {
>   +        if(request.isSecure())
>   +            urlPort = 443;
>   +        else
>                urlPort = 80;
>   -        }
>   +    }
>         if (request.getServerPort() != urlPort)
>             return (false);
>         String contextPath = request.getContext().getPath();
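
Review bot: The literals `443` and `80` assigned to `urlPort` in the new branch are bare magic numbers. Named constants for the default HTTPS and HTTP ports would make the `if(request.isSecure())` branch self-explanatory and keep the values in one place if the same defaulting is needed elsewhere in the class.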
> 
> 
> 

-- 

Dan Milstein // danmil@shore.net